Backup Exec, Volume Shadow Copy, Permissions etc


Ok, long story short, it all started with a Backup Exec 12.0 job suddenly failing.. One part of the whole job is backuping Exchange Server 2007 using a remote agent and the exchange server. In the job log of Backup Exec, i got a ‘Final error: 0xe000fed1 – A failure occurred querying the Writer status. ‘ ok, initially i thought, this is nothing new.. querying the writer status and seeing what this one’s reporting .. Logo_winlogo

This is the Backup Exec 12.0 Job log:

Job ended: Donnerstag, 28. April 2011 at 23:00:12
Completed status: Failed
Final error: 0xe000fed1 - A failure occurred querying the Writer status.
Final error category: Resource Errors

For additional information regarding this error refer to link V-79-57344-65233

and this:

Click an error below to locate it in the job log

Backup- server.domain.localV-79-57344-34110 - AOFO: Initialization failure on: "\\server.domain.local\Microsoft Information Store\xyz Storage Group". Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS).Snapshot provider error (0xE000FED1): A failure occurred querying the Writer status. Check the Windows Event Viewer for details. Writer Name: Exchange Server, Writer ID: {76FE1AC4-15F7-4BCD-987E-8E1ACB462FB7}, Last error: The VSS Writer failed, but the operation can be retried (0x800423f3), State: Waiting for backup complete notification (5).

VssAdmin List Writers reported:

Writer name: 'Microsoft Exchange Writer' 
  
Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}Writer Instance Id: {c0784b22-2777-47ea-955c-6302ef023141}
State: [5] Waiting for completion Last error: No error

Checking Event Viewer:

Source: VSS

Event ID: 8193

Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.hr = 0x80070539. Operation:
OnIdentify event
Gathering Writer DataContext:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e439464c-084e-42a6-bebb-79f6c877804e}

i got this solved by following MSFT-David Shen’s tip.. => Just deleted a Profile with a .bak extension..

Hi,
  

According to the research, the issue may be caused by an invalid entry inside the following registry sub tree.

HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

Please open the registry editor with regedit.

Expand and local to the subtree, check if there is an entry that has a ".bak" value appended. If so, this may be cause the failure when trying to resolve the SID of the writer.

Please backup the registry key first, and then delete that entry with the extra ".bak"

Then you may reboot the problematic server to check if it the issue can be fixed.

 

Ok, this solved the above mentioned error with EventID 8193

But there was another error, kept me from running the backup job successfully..

Source: CAPI2
Event ID: 513
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.
.

 

Microsoft Technet writes:


Event Details

Product:

Windows Operating System

ID:

513

Source:

Microsoft-Windows-CAPI2

Version:

6.0

Symbolic Name:

MSG_SYSTEMWRITER_ONIDENTITY_FAILURE

Message:

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.%1.

Resolve

Modify the access control list on the registration folder

Component Object Model (COM) applications must be able to access the COM+ catalog files that are stored in the COM catalog folder. If the default access control list is changed on the COM catalog folder within the Windows folder, the Shadow Copy System Writer may not work properly.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To modify the access control list on the COM catalog folder:

  1. Click Start, and then click Computer.
  2. Navigate to %systemdrive%\Windows.

    By default, %systemdrive% is located at C:\.

  3. Right-click Registration, click Properties, and then click the Security tab.
  4. Click Advanced, and then click Edit.
  5. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  6. Click Edit to view the special permissions assigned to this folder.
  7. Ensure that the access control list matches the following criteria:
    • The local Administrators group has Full Control permissions applied to This folder and files.
    • The Everyone group has List folder/read data, Read attributes, Read extended attributes, and Read permissions applied to This folder and files.
    • The local SYSTEM account has Full Control permissions applied to This folder and files.
  8. If the permissions on this folder do not match what is listed in this procedure, make the appropriate changes, and then click OK.

Verify

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Shadow Copy System Writer is working properly:

  1. Click Start, point to All Programs, and then click Accessories.
  2. Right-click Command Prompt, and then click Run as administrator.
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  4. In the command prompt window, type vssadmin list writers.
  5. Ensure that Writer Name: ‘System Writer’ is displayed in the list.

i followed these instructions, but the problem still existed. When calling VssAdmin List Writers  the System Writer wasn’t listed ..

I started Process Monitor and found an ACCESS DENIED on C:\Windows\winsxs\FileMaps\$$.cdf-ms for the NT AUTHORITY\NETWORK SERVICE. Funny, the guys writing Technet Articles and Help for MS don’t even know their own system in deep .. rofl .. however, granting NT AUTHORITY\NETWORK SERVICE the necessary rights, solved also this issue.

here’s my powershell get-history (including typos and retries Zwinkerndes Smiley), maybe it will help you:


[PS] C:\Windows\system32>Get-History

  Id CommandLine

  — ———–

  14 .\vssadmin.exe list writers

  15 icacls

  16 icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"

  17 .\vssadmin.exe list writers

  18 icacls /?

  19 .\vssadmin.exe list writers

  20 Takeown /f %windir%\winsxs\filemaps\* /a

  21 icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"

  22 icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"

  23 icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

  24 icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

  25 icacls

  26 icacls %windir%\winsxs\filemaps\*.* /grant "BUILTIN\Users:(RX)"

  27 .\vssadmin.exe list writers

  28 .\vssadmin.exe list writers

  29 .\icacls.exe %windir%\winsxs\filemaps\*.* grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  30 .\icacls.exe %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  31 .\icacls.exe %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  32 .\vssadmin.exe list writers

  33 .\icacls.exe %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  34 takeown /f %windir%\winsxs\filemaps\* /a

  35 takeown

  36 takeown /f C:\Windows\winsxs\FileMaps\* /a

  37 icaclc C:\Windows\winsxs\FileMaps\*.* /grant

  38 icaclc C:\Windows\winsxs\FileMaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"

  39 icacls C:\Windows\winsxs\FileMaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"

  40 icacls C:\Windows\winsxs\FileMaps\*.* /grant "NT Service\trustedinstaller:(F)"

  41 icacls C:\Windows\winsxs\FileMaps\*.* /grant BUILTIN\Users:(RX)

  42 icacls C:\Windows\winsxs\FileMaps\*.* /grant "BUILTIN\Users:(RX)"

  43 .\icacls.exe %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  44 .\icacls.exe c:\windows\winsxs\filemaps\*.* /grant "NT AUTHORITY\NETWORK SERVICE:(F)"

  45 .\vssadmin.exe list writers


Leave a Reply

Your email address will not be published. Required fields are marked *